mirror of
https://git.libssh.org/projects/libssh.git
synced 2025-08-01 11:26:52 +03:00
Remove support for DSA Keys
Solving issue #110. The original work is at !231 Some changes were needed because the newly added features in master through time Signed-off-by: Mohammad Shehar Yaar Tausif <sheharyaar48@gmail.com> Signed-off-by: Norbert Pocs <npocs@redhat.com> Reviewed-by: Jakub Jelen <jjelen@redhat.com>
This commit is contained in:
Mohammad Shehar Yaar Tausif
committed by
Jakub Jelen
Jakub Jelen
parent
486df37a84
commit
a3a13eb3a8
@ -129,10 +129,8 @@ static void torture_pki_dsa_import_pubkey_file(void **state)
|
||||
|
||||
/* The key doesn't have the hostname as comment after the key */
|
||||
rc = ssh_pki_import_pubkey_file(LIBSSH_DSA_TESTKEY ".pub", &pubkey);
|
||||
assert_return_code(rc, errno);
|
||||
assert_non_null(pubkey);
|
||||
|
||||
SSH_KEY_FREE(pubkey);
|
||||
assert_int_equal(rc, SSH_ERROR);
|
||||
assert_null(pubkey);
|
||||
}
|
||||
|
||||
static void torture_pki_dsa_import_pubkey_from_openssh_privkey(void **state)
|
||||
@ -144,10 +142,8 @@ static void torture_pki_dsa_import_pubkey_from_openssh_privkey(void **state)
|
||||
|
||||
/* The key doesn't have the hostname as comment after the key */
|
||||
rc = ssh_pki_import_pubkey_file(LIBSSH_DSA_TESTKEY_PASSPHRASE, &pubkey);
|
||||
assert_return_code(rc, errno);
|
||||
assert_non_null(pubkey);
|
||||
|
||||
SSH_KEY_FREE(pubkey);
|
||||
assert_int_equal(rc, SSH_ERROR);
|
||||
assert_null(pubkey);
|
||||
}
|
||||
|
||||
static void torture_pki_dsa_import_privkey_base64(void **state)
|
||||
@ -163,102 +159,11 @@ static void torture_pki_dsa_import_privkey_base64(void **state)
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_true(rc == 0);
|
||||
|
||||
SSH_KEY_FREE(key);
|
||||
assert_int_equal(rc, SSH_ERROR);
|
||||
assert_null(key);
|
||||
}
|
||||
|
||||
static void torture_pki_dsa_import_privkey_base64_comment(void **state)
|
||||
{
|
||||
int rc, file_str_len;
|
||||
ssh_key key = NULL;
|
||||
const char *passphrase = torture_get_testkey_passphrase();
|
||||
const char *comment_str = "#this is line-comment\n#this is another\n";
|
||||
const char *key_str = NULL;
|
||||
char *file_str = NULL;
|
||||
|
||||
(void) state; /* unused */
|
||||
|
||||
key_str = torture_get_testkey(SSH_KEYTYPE_DSS, 0);
|
||||
assert_non_null(key_str);
|
||||
|
||||
file_str_len = strlen(comment_str) + strlen(key_str) + 1;
|
||||
file_str = malloc(file_str_len);
|
||||
assert_non_null(file_str);
|
||||
rc = snprintf(file_str, file_str_len, "%s%s", comment_str, key_str);
|
||||
assert_int_equal(rc, file_str_len - 1);
|
||||
|
||||
rc = ssh_pki_import_privkey_base64(file_str,
|
||||
passphrase,
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_true(rc == 0);
|
||||
|
||||
free(file_str);
|
||||
SSH_KEY_FREE(key);
|
||||
}
|
||||
|
||||
static void torture_pki_dsa_import_privkey_base64_whitespace(void **state)
|
||||
{
|
||||
int rc, file_str_len;
|
||||
ssh_key key = NULL;
|
||||
const char *passphrase = torture_get_testkey_passphrase();
|
||||
const char *whitespace_str = " \n\t\t\t\t\t\n\n\n\n\n";
|
||||
const char *key_str = NULL;
|
||||
char *file_str = NULL;
|
||||
|
||||
(void) state; /* unused */
|
||||
|
||||
key_str = torture_get_testkey(SSH_KEYTYPE_DSS, 0);
|
||||
assert_non_null(key_str);
|
||||
|
||||
file_str_len = strlen(whitespace_str) + strlen(key_str) + 1;
|
||||
file_str = malloc(file_str_len);
|
||||
assert_non_null(file_str);
|
||||
rc = snprintf(file_str, file_str_len, "%s%s", whitespace_str, key_str);
|
||||
assert_int_equal(rc, file_str_len - 1);
|
||||
|
||||
rc = ssh_pki_import_privkey_base64(file_str,
|
||||
passphrase,
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_true(rc == 0);
|
||||
|
||||
free(file_str);
|
||||
SSH_KEY_FREE(key);
|
||||
}
|
||||
|
||||
static int test_sign_verify_data(ssh_key key,
|
||||
enum ssh_digest_e hash_type,
|
||||
const unsigned char *input,
|
||||
size_t input_len)
|
||||
{
|
||||
ssh_signature sig;
|
||||
ssh_key pubkey = NULL;
|
||||
int rc;
|
||||
|
||||
/* Get the public key to verify signature */
|
||||
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
|
||||
assert_int_equal(rc, SSH_OK);
|
||||
assert_non_null(pubkey);
|
||||
|
||||
/* Sign the buffer */
|
||||
sig = pki_sign_data(key, hash_type, input, input_len);
|
||||
assert_non_null(sig);
|
||||
|
||||
/* Verify signature */
|
||||
rc = pki_verify_data_signature(sig, pubkey, input, input_len);
|
||||
assert_int_equal(rc, SSH_OK);
|
||||
|
||||
ssh_signature_free(sig);
|
||||
SSH_KEY_FREE(pubkey);
|
||||
|
||||
return rc;
|
||||
}
|
||||
|
||||
static void torture_pki_sign_data_dsa(void **state)
|
||||
static void torture_pki_generate_dsa(void **state)
|
||||
{
|
||||
int rc;
|
||||
ssh_key key = NULL;
|
||||
@ -267,619 +172,20 @@ static void torture_pki_sign_data_dsa(void **state)
|
||||
|
||||
/* Setup */
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 2048, &key);
|
||||
assert_int_equal(rc, SSH_OK);
|
||||
assert_non_null(key);
|
||||
|
||||
/* Test using SHA1 */
|
||||
rc = test_sign_verify_data(key, SSH_DIGEST_SHA1, INPUT, sizeof(INPUT));
|
||||
assert_int_equal(rc, SSH_OK);
|
||||
|
||||
/* Cleanup */
|
||||
SSH_KEY_FREE(key);
|
||||
}
|
||||
|
||||
static void torture_pki_fail_sign_with_incompatible_hash(void **state)
|
||||
{
|
||||
int rc;
|
||||
ssh_key key = NULL;
|
||||
ssh_key pubkey = NULL;
|
||||
ssh_signature sig, bad_sig;
|
||||
|
||||
(void) state;
|
||||
|
||||
/* Setup */
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 2048, &key);
|
||||
assert_int_equal(rc, SSH_OK);
|
||||
assert_non_null(key);
|
||||
|
||||
/* Get the public key to verify signature */
|
||||
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
|
||||
assert_int_equal(rc, SSH_OK);
|
||||
assert_non_null(pubkey);
|
||||
|
||||
/* Sign the buffer */
|
||||
sig = pki_sign_data(key, SSH_DIGEST_SHA1, INPUT, sizeof(INPUT));
|
||||
assert_non_null(sig);
|
||||
|
||||
/* Verify signature */
|
||||
rc = pki_verify_data_signature(sig, pubkey, INPUT, sizeof(INPUT));
|
||||
assert_int_equal(rc, SSH_OK);
|
||||
|
||||
/* Test if signature fails with SSH_DIGEST_AUTO */
|
||||
bad_sig = pki_sign_data(key, SSH_DIGEST_AUTO, INPUT, sizeof(INPUT));
|
||||
assert_null(bad_sig);
|
||||
|
||||
/* Test if verification fails with SSH_DIGEST_AUTO */
|
||||
sig->hash_type = SSH_DIGEST_AUTO;
|
||||
rc = pki_verify_data_signature(sig, pubkey, INPUT, sizeof(INPUT));
|
||||
assert_int_not_equal(rc, SSH_OK);
|
||||
|
||||
/* Test if signature fails with SSH_DIGEST_SHA256 */
|
||||
bad_sig = pki_sign_data(key, SSH_DIGEST_SHA256, INPUT, sizeof(INPUT));
|
||||
assert_null(bad_sig);
|
||||
|
||||
/* Test if verification fails with SSH_DIGEST_SHA256 */
|
||||
sig->hash_type = SSH_DIGEST_SHA256;
|
||||
rc = pki_verify_data_signature(sig, pubkey, INPUT, sizeof(INPUT));
|
||||
assert_int_not_equal(rc, SSH_OK);
|
||||
|
||||
/* Test if signature fails with SSH_DIGEST_SHA384 */
|
||||
bad_sig = pki_sign_data(key, SSH_DIGEST_SHA384, INPUT, sizeof(INPUT));
|
||||
assert_null(bad_sig);
|
||||
|
||||
/* Test if verification fails with SSH_DIGEST_SHA384 */
|
||||
sig->hash_type = SSH_DIGEST_SHA384;
|
||||
rc = pki_verify_data_signature(sig, pubkey, INPUT, sizeof(INPUT));
|
||||
assert_int_not_equal(rc, SSH_OK);
|
||||
|
||||
/* Test if signature fails with SSH_DIGEST_SHA512 */
|
||||
bad_sig = pki_sign_data(key, SSH_DIGEST_SHA512, INPUT, sizeof(INPUT));
|
||||
assert_null(bad_sig);
|
||||
|
||||
/* Test if verification fails with SSH_DIGEST_SHA512 */
|
||||
sig->hash_type = SSH_DIGEST_SHA512;
|
||||
rc = pki_verify_data_signature(sig, pubkey, INPUT, sizeof(INPUT));
|
||||
assert_int_not_equal(rc, SSH_OK);
|
||||
|
||||
/* Cleanup */
|
||||
ssh_signature_free(sig);
|
||||
SSH_KEY_FREE(pubkey);
|
||||
SSH_KEY_FREE(key);
|
||||
}
|
||||
|
||||
#ifdef HAVE_LIBCRYPTO
|
||||
static void torture_pki_dsa_write_privkey(void **state)
|
||||
{
|
||||
ssh_key origkey = NULL;
|
||||
ssh_key privkey = NULL;
|
||||
int rc;
|
||||
|
||||
(void) state; /* unused */
|
||||
|
||||
rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
&origkey);
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(origkey);
|
||||
|
||||
unlink(LIBSSH_DSA_TESTKEY);
|
||||
|
||||
rc = ssh_pki_export_privkey_file(origkey,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
LIBSSH_DSA_TESTKEY);
|
||||
assert_true(rc == 0);
|
||||
|
||||
rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
&privkey);
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(privkey);
|
||||
|
||||
rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
|
||||
assert_true(rc == 0);
|
||||
|
||||
SSH_KEY_FREE(origkey);
|
||||
SSH_KEY_FREE(privkey);
|
||||
|
||||
/* Test with passphrase */
|
||||
rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY_PASSPHRASE,
|
||||
torture_get_testkey_passphrase(),
|
||||
NULL,
|
||||
NULL,
|
||||
&origkey);
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(origkey);
|
||||
|
||||
unlink(LIBSSH_DSA_TESTKEY_PASSPHRASE);
|
||||
rc = ssh_pki_export_privkey_file(origkey,
|
||||
torture_get_testkey_passphrase(),
|
||||
NULL,
|
||||
NULL,
|
||||
LIBSSH_DSA_TESTKEY_PASSPHRASE);
|
||||
assert_true(rc == 0);
|
||||
|
||||
/* Test with invalid passphrase */
|
||||
rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY_PASSPHRASE,
|
||||
"invalid secret",
|
||||
NULL,
|
||||
NULL,
|
||||
&privkey);
|
||||
assert_true(rc == SSH_ERROR);
|
||||
assert_null(privkey);
|
||||
|
||||
rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY_PASSPHRASE,
|
||||
torture_get_testkey_passphrase(),
|
||||
NULL,
|
||||
NULL,
|
||||
&privkey);
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(privkey);
|
||||
|
||||
rc = ssh_key_cmp(origkey, privkey, SSH_KEY_CMP_PRIVATE);
|
||||
assert_true(rc == 0);
|
||||
|
||||
SSH_KEY_FREE(origkey);
|
||||
SSH_KEY_FREE(privkey);
|
||||
}
|
||||
#endif
|
||||
|
||||
static void torture_pki_dsa_import_privkey_base64_passphrase(void **state)
|
||||
{
|
||||
int rc;
|
||||
ssh_key key = NULL;
|
||||
const char *passphrase = torture_get_testkey_passphrase();
|
||||
|
||||
(void) state; /* unused */
|
||||
|
||||
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
|
||||
passphrase,
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_return_code(rc, errno);
|
||||
assert_non_null(key);
|
||||
|
||||
rc = ssh_key_is_private(key);
|
||||
assert_true(rc == 1);
|
||||
|
||||
SSH_KEY_FREE(key);
|
||||
|
||||
/* test if it returns -1 if passphrase is wrong */
|
||||
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
|
||||
"wrong passphrase !!",
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_true(rc == -1);
|
||||
assert_int_equal(rc, SSH_ERROR);
|
||||
assert_null(key);
|
||||
|
||||
/* test if it returns -1 if passphrase is NULL */
|
||||
/* libcrypto asks for a passphrase, so skip this test */
|
||||
#ifndef HAVE_LIBCRYPTO
|
||||
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_true(rc == -1);
|
||||
assert_null(key);
|
||||
#endif
|
||||
|
||||
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
|
||||
passphrase,
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_return_code(rc, errno);
|
||||
assert_non_null(key);
|
||||
|
||||
rc = ssh_key_is_private(key);
|
||||
assert_true(rc == 1);
|
||||
|
||||
SSH_KEY_FREE(key);
|
||||
|
||||
/* test if it returns -1 if passphrase is wrong */
|
||||
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
|
||||
"wrong passphrase !!",
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_true(rc == -1);
|
||||
assert_null(key);
|
||||
|
||||
/* This free in unnecessary, but the static analyser does not know */
|
||||
SSH_KEY_FREE(key);
|
||||
|
||||
#ifndef HAVE_LIBCRYPTO
|
||||
/* test if it returns -1 if passphrase is NULL */
|
||||
/* libcrypto asks for a passphrase, so skip this test */
|
||||
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 1),
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_true(rc == -1);
|
||||
assert_null(key);
|
||||
|
||||
/* This free in unnecessary, but the static analyser does not know */
|
||||
SSH_KEY_FREE(key);
|
||||
#endif /* HAVE_LIBCRYPTO */
|
||||
}
|
||||
|
||||
static void
|
||||
torture_pki_dsa_import_openssh_privkey_base64_passphrase(void **state)
|
||||
{
|
||||
int rc;
|
||||
ssh_key key = NULL;
|
||||
const char *passphrase = torture_get_testkey_passphrase();
|
||||
const char *keystring = NULL;
|
||||
|
||||
(void) state; /* unused */
|
||||
|
||||
keystring = torture_get_openssh_testkey(SSH_KEYTYPE_DSS, 1);
|
||||
assert_non_null(keystring);
|
||||
|
||||
rc = ssh_pki_import_privkey_base64(keystring,
|
||||
passphrase,
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_return_code(rc, errno);
|
||||
assert_non_null(key);
|
||||
|
||||
rc = ssh_key_is_private(key);
|
||||
assert_true(rc == 1);
|
||||
|
||||
SSH_KEY_FREE(key);
|
||||
|
||||
/* test if it returns -1 if passphrase is wrong */
|
||||
rc = ssh_pki_import_privkey_base64(keystring,
|
||||
"wrong passphrase !!",
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_true(rc == -1);
|
||||
assert_null(key);
|
||||
|
||||
/* test if it returns -1 if passphrase is NULL */
|
||||
rc = ssh_pki_import_privkey_base64(keystring,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_true(rc == -1);
|
||||
|
||||
rc = ssh_pki_import_privkey_base64(keystring,
|
||||
passphrase,
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_return_code(rc, errno);
|
||||
assert_non_null(key);
|
||||
|
||||
rc = ssh_key_is_private(key);
|
||||
assert_true(rc == 1);
|
||||
|
||||
SSH_KEY_FREE(key);
|
||||
|
||||
/* test if it returns -1 if passphrase is wrong */
|
||||
rc = ssh_pki_import_privkey_base64(keystring,
|
||||
"wrong passphrase !!",
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_true(rc == -1);
|
||||
assert_null(key);
|
||||
|
||||
/* This free is unnecessary, but the static analyser does not know */
|
||||
SSH_KEY_FREE(key);
|
||||
|
||||
/* test if it returns -1 if passphrase is NULL */
|
||||
rc = ssh_pki_import_privkey_base64(keystring,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_true(rc == -1);
|
||||
assert_null(key);
|
||||
|
||||
/* This free is unnecessary, but the static analyser does not know */
|
||||
SSH_KEY_FREE(key);
|
||||
}
|
||||
|
||||
|
||||
static void torture_pki_dsa_publickey_from_privatekey(void **state)
|
||||
{
|
||||
int rc;
|
||||
ssh_key key = NULL;
|
||||
ssh_key pubkey = NULL;
|
||||
const char *passphrase = NULL;
|
||||
|
||||
(void) state; /* unused */
|
||||
|
||||
rc = ssh_pki_import_privkey_base64(torture_get_testkey(SSH_KEYTYPE_DSS, 0),
|
||||
passphrase,
|
||||
NULL,
|
||||
NULL,
|
||||
&key);
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(key);
|
||||
|
||||
rc = ssh_key_is_private(key);
|
||||
assert_true(rc == 1);
|
||||
|
||||
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(pubkey);
|
||||
|
||||
SSH_KEY_FREE(key);
|
||||
SSH_KEY_FREE(pubkey);
|
||||
}
|
||||
|
||||
static void torture_pki_dsa_import_cert_file(void **state)
|
||||
{
|
||||
int rc;
|
||||
ssh_key cert = NULL;
|
||||
enum ssh_keytypes_e type;
|
||||
|
||||
(void) state; /* unused */
|
||||
|
||||
rc = ssh_pki_import_cert_file(LIBSSH_DSA_TESTKEY "-cert.pub", &cert);
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(cert);
|
||||
|
||||
type = ssh_key_type(cert);
|
||||
assert_true(type == SSH_KEYTYPE_DSS_CERT01);
|
||||
|
||||
rc = ssh_key_is_public(cert);
|
||||
assert_true(rc == 1);
|
||||
|
||||
SSH_KEY_FREE(cert);
|
||||
}
|
||||
|
||||
static void torture_pki_dsa_publickey_base64(void **state)
|
||||
{
|
||||
enum ssh_keytypes_e type;
|
||||
char *b64_key = NULL, *key_buf = NULL, *p = NULL;
|
||||
const char *str = NULL;
|
||||
ssh_key key = NULL;
|
||||
size_t keylen;
|
||||
size_t i;
|
||||
int rc;
|
||||
|
||||
(void) state; /* unused */
|
||||
|
||||
key_buf = strdup(torture_get_testkey_pub(SSH_KEYTYPE_DSS));
|
||||
assert_non_null(key_buf);
|
||||
|
||||
keylen = strlen(key_buf);
|
||||
|
||||
str = p = key_buf;
|
||||
for (i = 0; i < keylen; i++) {
|
||||
if (isspace((int)p[i])) {
|
||||
p[i] = '\0';
|
||||
break;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
type = ssh_key_type_from_name(str);
|
||||
assert_true(type == SSH_KEYTYPE_DSS);
|
||||
|
||||
str = &p[i + 1];
|
||||
|
||||
for (; i < keylen; i++) {
|
||||
if (isspace((int)p[i])) {
|
||||
p[i] = '\0';
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
rc = ssh_pki_import_pubkey_base64(str, type, &key);
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(key);
|
||||
|
||||
rc = ssh_pki_export_pubkey_base64(key, &b64_key);
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(b64_key);
|
||||
|
||||
assert_string_equal(str, b64_key);
|
||||
|
||||
free(b64_key);
|
||||
free(key_buf);
|
||||
SSH_KEY_FREE(key);
|
||||
}
|
||||
|
||||
static void torture_pki_dsa_generate_pubkey_from_privkey(void **state)
|
||||
{
|
||||
char pubkey_generated[4096] = {0};
|
||||
ssh_key privkey = NULL;
|
||||
ssh_key pubkey = NULL;
|
||||
int len;
|
||||
int rc;
|
||||
|
||||
(void) state; /* unused */
|
||||
|
||||
/* remove the public key, generate it from the private key and write it. */
|
||||
unlink(LIBSSH_DSA_TESTKEY ".pub");
|
||||
|
||||
rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
&privkey);
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(privkey);
|
||||
|
||||
rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(pubkey);
|
||||
|
||||
rc = ssh_pki_export_pubkey_file(pubkey, LIBSSH_DSA_TESTKEY ".pub");
|
||||
assert_true(rc == 0);
|
||||
|
||||
rc = torture_read_one_line(LIBSSH_DSA_TESTKEY ".pub",
|
||||
pubkey_generated,
|
||||
sizeof(pubkey_generated));
|
||||
assert_true(rc == 0);
|
||||
|
||||
len = torture_pubkey_len(torture_get_testkey_pub(SSH_KEYTYPE_DSS));
|
||||
assert_memory_equal(torture_get_testkey_pub(SSH_KEYTYPE_DSS),
|
||||
pubkey_generated,
|
||||
len);
|
||||
|
||||
SSH_KEY_FREE(privkey);
|
||||
SSH_KEY_FREE(pubkey);
|
||||
}
|
||||
|
||||
static void torture_pki_dsa_duplicate_key(void **state)
|
||||
{
|
||||
int rc;
|
||||
char *b64_key = NULL;
|
||||
char *b64_key_gen = NULL;
|
||||
ssh_key pubkey = NULL;
|
||||
ssh_key pubkey_dup = NULL;
|
||||
ssh_key privkey = NULL;
|
||||
ssh_key privkey_dup = NULL;
|
||||
|
||||
(void) state;
|
||||
|
||||
rc = ssh_pki_import_pubkey_file(LIBSSH_DSA_TESTKEY ".pub", &pubkey);
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(pubkey);
|
||||
|
||||
rc = ssh_pki_export_pubkey_base64(pubkey, &b64_key);
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(b64_key);
|
||||
rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
&privkey);
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(privkey);
|
||||
|
||||
privkey_dup = ssh_key_dup(privkey);
|
||||
assert_non_null(privkey_dup);
|
||||
|
||||
rc = ssh_pki_export_privkey_to_pubkey(privkey, &pubkey_dup);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(pubkey_dup);
|
||||
|
||||
rc = ssh_pki_export_pubkey_base64(pubkey_dup, &b64_key_gen);
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(b64_key_gen);
|
||||
|
||||
assert_string_equal(b64_key, b64_key_gen);
|
||||
|
||||
rc = ssh_key_cmp(privkey, privkey_dup, SSH_KEY_CMP_PRIVATE);
|
||||
assert_true(rc == 0);
|
||||
|
||||
rc = ssh_key_cmp(pubkey, pubkey_dup, SSH_KEY_CMP_PUBLIC);
|
||||
assert_true(rc == 0);
|
||||
|
||||
SSH_KEY_FREE(pubkey);
|
||||
SSH_KEY_FREE(pubkey_dup);
|
||||
|
||||
SSH_KEY_FREE(privkey);
|
||||
SSH_KEY_FREE(privkey_dup);
|
||||
SSH_STRING_FREE_CHAR(b64_key);
|
||||
SSH_STRING_FREE_CHAR(b64_key_gen);
|
||||
}
|
||||
|
||||
static void torture_pki_dsa_generate_key(void **state)
|
||||
{
|
||||
int rc;
|
||||
ssh_key key = NULL, pubkey = NULL;
|
||||
ssh_signature sign = NULL;
|
||||
ssh_session session=ssh_new();
|
||||
(void) state;
|
||||
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 1024, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
|
||||
assert_int_equal(rc, SSH_OK);
|
||||
assert_non_null(pubkey);
|
||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
|
||||
assert_non_null(sign);
|
||||
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||
assert_true(rc == SSH_OK);
|
||||
ssh_signature_free(sign);
|
||||
SSH_KEY_FREE(key);
|
||||
SSH_KEY_FREE(pubkey);
|
||||
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 2048, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
|
||||
assert_int_equal(rc, SSH_OK);
|
||||
assert_non_null(pubkey);
|
||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
|
||||
assert_non_null(sign);
|
||||
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||
assert_true(rc == SSH_OK);
|
||||
ssh_signature_free(sign);
|
||||
SSH_KEY_FREE(key);
|
||||
SSH_KEY_FREE(pubkey);
|
||||
|
||||
rc = ssh_pki_generate(SSH_KEYTYPE_DSS, 3072, &key);
|
||||
assert_true(rc == SSH_OK);
|
||||
assert_non_null(key);
|
||||
rc = ssh_pki_export_privkey_to_pubkey(key, &pubkey);
|
||||
assert_int_equal(rc, SSH_OK);
|
||||
assert_non_null(pubkey);
|
||||
sign = pki_do_sign(key, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
|
||||
assert_non_null(sign);
|
||||
rc = ssh_pki_signature_verify(session, sign, pubkey, INPUT, sizeof(INPUT));
|
||||
assert_true(rc == SSH_OK);
|
||||
ssh_signature_free(sign);
|
||||
SSH_KEY_FREE(key);
|
||||
SSH_KEY_FREE(pubkey);
|
||||
|
||||
ssh_free(session);
|
||||
}
|
||||
|
||||
static void torture_pki_dsa_cert_verify(void **state)
|
||||
{
|
||||
int rc;
|
||||
ssh_key privkey = NULL, cert = NULL;
|
||||
ssh_signature sign = NULL;
|
||||
ssh_session session=ssh_new();
|
||||
(void) state;
|
||||
|
||||
rc = ssh_pki_import_privkey_file(LIBSSH_DSA_TESTKEY,
|
||||
NULL,
|
||||
NULL,
|
||||
NULL,
|
||||
&privkey);
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(privkey);
|
||||
|
||||
rc = ssh_pki_import_cert_file(LIBSSH_DSA_TESTKEY "-cert.pub", &cert);
|
||||
assert_true(rc == 0);
|
||||
assert_non_null(cert);
|
||||
|
||||
sign = pki_do_sign(privkey, INPUT, sizeof(INPUT), SSH_DIGEST_SHA1);
|
||||
assert_non_null(sign);
|
||||
rc = ssh_pki_signature_verify(session, sign, cert, INPUT, sizeof(INPUT));
|
||||
assert_true(rc == SSH_OK);
|
||||
ssh_signature_free(sign);
|
||||
SSH_KEY_FREE(privkey);
|
||||
SSH_KEY_FREE(cert);
|
||||
|
||||
ssh_free(session);
|
||||
}
|
||||
|
||||
static void torture_pki_dsa_skip(UNUSED_PARAM(void **state))
|
||||
{
|
||||
skip();
|
||||
assert_int_equal(rc, SSH_ERROR);
|
||||
assert_null(cert);
|
||||
}
|
||||
|
||||
int torture_run_tests(void)
|
||||
@ -895,60 +201,20 @@ int torture_run_tests(void)
|
||||
cmocka_unit_test_setup_teardown(torture_pki_dsa_import_privkey_base64,
|
||||
setup_dsa_key,
|
||||
teardown),
|
||||
cmocka_unit_test_setup_teardown(torture_pki_dsa_import_privkey_base64_comment,
|
||||
setup_dsa_key,
|
||||
teardown),
|
||||
cmocka_unit_test_setup_teardown(torture_pki_dsa_import_privkey_base64_whitespace,
|
||||
setup_dsa_key,
|
||||
teardown),
|
||||
cmocka_unit_test_setup_teardown(torture_pki_dsa_import_privkey_base64,
|
||||
setup_openssh_dsa_key,
|
||||
teardown),
|
||||
cmocka_unit_test_setup_teardown(torture_pki_dsa_publickey_from_privatekey,
|
||||
setup_dsa_key,
|
||||
teardown),
|
||||
cmocka_unit_test_setup_teardown(torture_pki_dsa_import_cert_file,
|
||||
setup_dsa_key,
|
||||
teardown),
|
||||
#ifdef HAVE_LIBCRYPTO
|
||||
cmocka_unit_test_setup_teardown(torture_pki_dsa_write_privkey,
|
||||
setup_dsa_key,
|
||||
teardown),
|
||||
#endif
|
||||
cmocka_unit_test(torture_pki_sign_data_dsa),
|
||||
cmocka_unit_test(torture_pki_fail_sign_with_incompatible_hash),
|
||||
cmocka_unit_test(torture_pki_dsa_import_privkey_base64_passphrase),
|
||||
cmocka_unit_test(torture_pki_dsa_import_openssh_privkey_base64_passphrase),
|
||||
|
||||
/* public key */
|
||||
cmocka_unit_test_setup_teardown(torture_pki_dsa_publickey_base64,
|
||||
setup_dsa_key,
|
||||
teardown),
|
||||
cmocka_unit_test_setup_teardown(torture_pki_dsa_generate_pubkey_from_privkey,
|
||||
setup_dsa_key,
|
||||
teardown),
|
||||
cmocka_unit_test_setup_teardown(torture_pki_dsa_duplicate_key,
|
||||
setup_dsa_key,
|
||||
teardown),
|
||||
cmocka_unit_test_setup_teardown(torture_pki_dsa_duplicate_key,
|
||||
setup_dsa_key,
|
||||
teardown),
|
||||
cmocka_unit_test(torture_pki_dsa_generate_key),
|
||||
cmocka_unit_test_setup_teardown(torture_pki_dsa_cert_verify,
|
||||
setup_dsa_key,
|
||||
teardown),
|
||||
};
|
||||
struct CMUnitTest skip_tests[] = {
|
||||
cmocka_unit_test(torture_pki_dsa_skip)
|
||||
cmocka_unit_test_setup_teardown(torture_pki_generate_dsa,
|
||||
setup_dsa_key,
|
||||
teardown),
|
||||
};
|
||||
|
||||
ssh_init();
|
||||
if (ssh_fips_mode()) {
|
||||
rc = cmocka_run_group_tests(skip_tests, NULL, NULL);
|
||||
} else {
|
||||
torture_filter_tests(tests);
|
||||
rc = cmocka_run_group_tests(tests, NULL, NULL);
|
||||
}
|
||||
torture_filter_tests(tests);
|
||||
rc = cmocka_run_group_tests(tests, NULL, NULL);
|
||||
ssh_finalize();
|
||||
return rc;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user